[Bug 786096] New: cron does not close file descriptors before invocation of commands
https://bugzilla.novell.com/show_bug.cgi?id=786096
https://bugzilla.novell.com/show_bug.cgi?id=786096#c0

Summary: cron does not close file descriptors before invocation of commands
Classification: openSUSE
Product: openSUSE 12.2
Version: Final
Platform: All
OS/Version: openSUSE 12.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: f+novell@congenio.de
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20100101 Firefox/16.0

When I use lvm2 commands within a shell script that is being called from cron, I always get errors like these in the cron mails:

    File descriptor 5 (/var/spool/cron/tabs) leaked on lvcreate invocation. Parent PID 15139: /bin/sh
    File descriptor 6 (/etc/cron.d) leaked on lvcreate invocation. Parent PID 15139: /bin/sh
    File descriptor 7 (/etc/crontab) leaked on lvcreate invocation. Parent PID 15139: /bin/sh

It shows that lvm2 regards open file descriptors as a security hole, complains and then closes them.

This behaviour can be temporarily fixed by setting the undocumented environment variable LVM_SUPPRESS_FD_WARNINGS. However, it should be fixed in cron itself - there is a similar bug in Debian, so the bug could be fixed upstream (maybe it already is).

Reproducible: Always

Steps to Reproduce:
Use any lvm2 command in a cron script.

Actual Results:
Mail containing errors about leaked file descriptors that cron left open:

    File descriptor 5 (/var/spool/cron/tabs) leaked on lvcreate invocation. Parent PID 15139: /bin/sh
    File descriptor 6 (/etc/cron.d) leaked on lvcreate invocation. Parent PID 15139: /bin/sh
    File descriptor 7 (/etc/crontab) leaked on lvcreate invocation. Parent PID 15139: /bin/sh

Expected Results:
No error output.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
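
The leak described in the report above, as an added example that is not part of the original report and is not cron's or lvm2's code: a startup check that lists descriptors a command started via exec would inherit, and the parent-side fix of marking them close-on-exec. The function names, the scan limit and the /dev/null stand-in are assumptions; the path lookup through /proc/self/fd is Linux-specific.

```c
/* Added example; not cron's or lvm2's code. Function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define FD_SCAN_LIMIT 1024   /* assumed upper bound for the descriptor scan */

/* Count open descriptors >= lowest that lack FD_CLOEXEC, i.e. the ones a
 * command started with exec would inherit. If report != 0, name each one. */
int leakable_fds(int lowest, int report)
{
    int n = 0;
    for (int fd = lowest; fd < FD_SCAN_LIMIT; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;                    /* not open, or already safe */
        n++;
        if (report) {
            char link[64], path[256] = "?";
            snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
            ssize_t len = readlink(link, path, sizeof path - 1); /* Linux */
            if (len >= 0) path[len] = '\0';
            fprintf(stderr, "fd %d (%s) would leak across exec\n", fd, path);
        }
    }
    return n;
}

/* Parent-side fix: set FD_CLOEXEC on every open descriptor >= lowest. */
int mark_cloexec_from(int lowest)
{
    int changed = 0;
    for (int fd = lowest; fd < FD_SCAN_LIMIT; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC) &&
            fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0)
            changed++;
    }
    return changed;                      /* number of descriptors changed */
}

int main(void)
{
    /* Constructed stand-in for a file such as /etc/crontab held open. */
    int fd = open("/dev/null", O_RDONLY);
    printf("before: %d leakable\n", leakable_fds(3, 1));
    mark_cloexec_from(3);
    printf("after:  %d leakable\n", leakable_fds(3, 0));
    return fd < 0;
}
```

Opening files with O_CLOEXEC in the first place avoids the window between open() and the later fcntl() call.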
https://bugzilla.novell.com/show_bug.cgi?id=786096#c
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=786096#c1
Markus Zimmermann
https://bugzilla.novell.com/show_bug.cgi?id=786096#c2
--- Comment #2 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=786096#c
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=786096#c3
--- Comment #3 from Markus Zimmermann
https://bugzilla.novell.com/show_bug.cgi?id=786096#c4
--- Comment #4 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=786096#c5
--- Comment #5 from Uwe Meyer-Gruhl
https://bugzilla.novell.com/show_bug.cgi?id=786096#c6
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=786096#c7
--- Comment #7 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=786096#c
Matthias Weckbecker
https://bugzilla.novell.com/show_bug.cgi?id=786096#c8
--- Comment #8 from Christian Boltz
> The only regular file that leaks a read-only fd is /etc/crontab which is readable by users anyway. So there is not really a security issue; only bad coding style.

That depends ;-)

    # grep /etc/crontab /etc/permissions*
    /etc/permissions.easy:/etc/crontab root:root 644
    /etc/permissions.paranoid:/etc/crontab root:root 600
    /etc/permissions.secure:/etc/crontab root:root 600
https://bugzilla.novell.com/show_bug.cgi?id=786096#c9
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=786096#c10
Wojtek Dziewięcki
> Vojtech, could you check whether this patch works?

Yes, I can confirm that the patch eliminates this behaviour.
https://bugzilla.novell.com/show_bug.cgi?id=786096#c11
--- Comment #11 from Wojtek Dziewięcki
> Does this affect only openSUSE version of cron, or also SLES versions?

Only openSUSE. I cannot reproduce with the cron version taken from SLE-11 repos.
https://bugzilla.novell.com/show_bug.cgi?id=786096#c12
--- Comment #12 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=786096#c
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=786096#c13
Wojtek Dziewięcki
https://bugzilla.novell.com/show_bug.cgi?id=786096#c14
--- Comment #14 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=786096#c15
--- Comment #15 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=786096#c16
--- Comment #16 from Wojtek Dziewięcki
https://bugzilla.novell.com/show_bug.cgi?id=786096#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=786096#c19
--- Comment #19 from Sebastian Krahmer
From Vincent Danen:
Ok, so did some more digging based on some info from one of our developers that we had patched this in Fedora.

Looks like this patch introduced the leak on 2011-04-28:

http://git.fedorahosted.org/cgit/cronie.git/commit/src/cron.c?id=acdf4ae8456... +28f54582

And this patch reverted it on 2011-06-29:

http://git.fedorahosted.org/cgit/cronie.git/commit/src/cron.c?id=b19007ca9fd... +1d5e0419

So it looks like only 1.4.8 was affected by this (which, judging by the patch in your bugzilla is the same version you're seeing as affected). That might be a better patch to use than what you're using.

Anyways, this only affects 1.4.8 (for any others using cronie and concerned as to whether or not they might be affected).

This was also reported to our bugzilla here:

https://bugzilla.redhat.com/show_bug.cgi?id=717505
https://bugzilla.novell.com/show_bug.cgi?id=786096#c20
--- Comment #20 from Wojtek Dziewięcki
https://bugzilla.novell.com/show_bug.cgi?id=786096#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=786096#c21
Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=786096#c22
Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=786096#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=786096#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=786096#c23
--- Comment #23 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=786096#c24
--- Comment #24 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=786096#c25
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=786096#c26
--- Comment #26 from Bernhard Wiedemann